Bug 765022

Summary:	<net-analyzer/cacti-1.2.17: XSS vulnerability
Product:	Gentoo Security	Reporter:	Sam James <sam>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	netmon
Priority:	Normal	Flags:	nattka: sanity-check+
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://github.com/Cacti/cacti/issues/4035
Whiteboard:	B4 [noglsa]
Package list:	net-analyzer/cacti-1.2.17 net-analyzer/cacti-spine-1.2.17	Runtime testing required:	---

Description Sam James archtester

2021-01-11 22:14:39 UTC

An XSS issue to be fixed in .17, not yet patched.

Comment 1 NATTkA bot gentoo-dev

2021-07-29 17:24:40 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 2 NATTkA bot gentoo-dev

2021-07-29 17:33:11 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 3 NATTkA bot gentoo-dev

2021-07-29 17:41:01 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 4 NATTkA bot gentoo-dev

2021-07-29 17:49:12 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 5 NATTkA bot gentoo-dev

2021-07-29 18:05:07 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 6 NATTkA bot gentoo-dev

2021-07-29 18:13:25 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 7 Agostino Sarubbo gentoo-dev

2021-08-11 06:39:34 UTC

amd64 stable

Comment 8 Agostino Sarubbo gentoo-dev

2021-08-11 06:42:00 UTC

sparc stable

Comment 9 Agostino Sarubbo gentoo-dev

2021-08-25 04:23:26 UTC

x86 stable.

Maintainer(s), please cleanup.

Comment 10 Larry the Git Cow gentoo-dev

2021-10-17 20:39:13 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d752c75f06d85b2eeceb3770f27484ca7bd2df1

commit 8d752c75f06d85b2eeceb3770f27484ca7bd2df1
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2021-10-17 20:07:19 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2021-10-17 20:36:42 +0000

    net-analyzer/cacti: drop 1.2.16-r1
    
    Bug: https://bugs.gentoo.org/765022
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 net-analyzer/cacti/Manifest                        |   1 -
 net-analyzer/cacti/cacti-1.2.16-r1.ebuild          |  54 ----
 .../cacti/files/cacti-1.2.16-CVE-2020-35701.patch  |  29 --
 .../cacti/files/cacti-1.2.16-XSS-issue-4019.patch  | 360 ---------------------
 4 files changed, 444 deletions(-)

Comment 11 John Helmert III archtester

2021-10-17 20:40:01 UTC

Cleaned up, all done!